Cybersecurity Glossary

Endpoint: An endpoint is a remote computing device that communicates back and forth with a network to which it is connected. Examples of endpoints include desktops, laptops, smartphones, tablets, servers, workstations, and Internet-of-Things (IoT) devices. Endpoints represent key vulnerable points of entry for cybercriminals. Endpoints are where attackers execute code and exploit vulnerabilities, as well as where there are assets to be encrypted, exfiltrated or leveraged. With organizational workforces becoming more mobile and users connecting to internal resources from off-premises endpoints all over the world, endpoints are increasingly susceptible to cyberattacks.

EDR (Endpoint Detection & Response): EDR tools are software that can alert your technical staff to malicious activity at endpoints. This software monitors, analyzes, and records endpoint activity in real time and reports to technical staff to aid their response to incidents. Also known as ETDR (Endpoint Threat Detection & Response). EDR differs from antivirus software in that EDR monitors activity in real time, whereas antivirus software searches for known malicious file types at intervals or when prompted. EDR is a newer, developing technology.

Multi-Factor Authentication: Also called "Two Step Verification", this is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism.

Penetration Tests: Authorized simulated cyberattacks on a computer system, performed to evaluate the security of the system. The test is performed to identify weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed. The process typically identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain that goal. A penetration test target may be a white box (about which background and system information are provided in advance to the tester) or a black box (about which only basic information, if any, other than the company name is provided). A gray box penetration test is a combination of the two (where limited knowledge of the target is shared with the auditor). A penetration test can help identify a system's vulnerabilities to attack and estimate how vulnerable it is.

Remote Desktop Protocols: Remote Desktop Protocol (RDP) is a Microsoft proprietary protocol that enables remote connections to other computers, typically over TCP port 3389. It provides network access for a remote user over an encrypted channel. RDP allows users to control their remote Windows machine as if they were physically working on it, but from another location.

USB Drops: These are cyber attack methods where malicious code is placed on a USB drive and the drive is left in a location so that it appears to have been dropped or lost by a co-worker or other person. A Good Samaritan hoping to return the drive, or a thrifty person hoping to pocket a new device for free, inserts the "found" drive into their computer's USB port, giving the attacker's malicious software access to that computer.